uawdijnntqw1x1x1
IP : 216.73.217.142
Hostname : localhost.localdomain
Kernel : Linux localhost.localdomain 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
OS : Linux
PATH:
/
var
/
www
/
qai-e-syn
/
public_html
/
.htaccess
/
/
### =========================================================================== ### Security Enhanced & Highly Optimized .htaccess File for Joomla! ### automatically generated by Admin Tools 6.1.11 on 2023-10-04 12:55:12 UTC ### Auto-detected Apache version: 2.2 (best guess) ### =========================================================================== ### ### The contents of this file are based on the same author's work "Master ### .htaccess". ### ### Admin Tools is Free Software, distributed under the terms of the GNU ### General Public License version 3 or, at your option, any later version ### published by the Free Software Foundation. ### ### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ### !! !! ### !! If you get an Internal Server Error 500 or a blank page when trying !! ### !! to access your site, remove this file and try tweaking its settings !! ### !! in the back-end of the Admin Tools component. !! ### !! !! ### !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ### ##### RewriteEngine enabled - BEGIN RewriteEngine On ##### RewriteEngine enabled - END ##### RewriteBase set - BEGIN RewriteBase / ##### RewriteBase set - END ##### HTTP to HTTPS redirection ## Since you have enabled HSTS the first redirection rule will instruct the browser to visit the HTTPS version of your ## site. This prevents unsafe redirections through HTTP. RewriteCond %{HTTPS} !=on [OR] RewriteCond %{HTTP:X-Forwarded-Proto} =http RewriteRule .* https://qai.e-synergisud.fr%{REQUEST_URI} [L,R=301] ##### File execution order -- BEGIN DirectoryIndex index.php index.html ##### File execution order -- END ##### Follow symlinks -- BEGIN ##### Follow symlinks -- END ##### Optimal default expiration time - BEGIN <IfModule mod_expires.c> # Enable expiration control ExpiresActive On # No caching for specific resource types ## -- Application cache manifest ExpiresByType text/cache-manifest "now" ## -- XML and JSON ExpiresByType application/json "now" ExpiresByType application/xml "now" ExpiresByType text/xml "now" ## RSS and Atom feeds: 1 hour (hardcoded) ExpiresByType application/atom+xml "now plus 1 hour" ExpiresByType application/rss+xml "now plus 1 hour" # CSS and JS expiration: 1 week after request ExpiresByType text/css "now plus 1 week" ExpiresByType text/javascript "now plus 1 week" ExpiresByType application/javascript "now plus 1 week" ExpiresByType application/ld+json "now plus 1 week" ExpiresByType application/x-javascript "now plus 1 week" # Image files expiration: 1 month after request ExpiresByType application/ico "now plus 1 month" ExpiresByType application/smil "now plus 1 month" ExpiresByType application/vnd.wap.wbxml "now plus 1 month" ExpiresByType image/bmp "now plus 1 month" ExpiresByType image/gif "now plus 1 month" ExpiresByType image/ico "now plus 1 month" ExpiresByType image/icon "now plus 1 month" ExpiresByType image/jp2 "now plus 1 month" ExpiresByType image/jpeg "now plus 1 month" ExpiresByType image/jpg "now plus 1 month" ExpiresByType image/pipeg "now plus 1 month" ExpiresByType image/png "now plus 1 month" ExpiresByType image/svg+xml "now plus 1 month" ExpiresByType image/tiff "now plus 1 month" ExpiresByType image/vnd.microsoft.icon "now plus 1 month" ExpiresByType image/vnd.wap.wbmp "now plus 1 month" ExpiresByType image/webp "now plus 1 month" ExpiresByType image/x-icon "now plus 1 month" ExpiresByType text/ico "now plus 1 month" # Font files expiration: 1 week after request ExpiresByType application/font-woff "now plus 1 week" ExpiresByType application/font-woff2 "now plus 1 week" ExpiresByType application/vnd.ms-fontobject "now plus 1 week" ExpiresByType application/x-font-opentype "now plus 1 week" ExpiresByType application/x-font-ttf "now plus 1 week" ExpiresByType application/x-font-woff "now plus 1 week" ExpiresByType font/opentype "now plus 1 week" ExpiresByType font/otf "now plus 1 week" ExpiresByType font/ttf "now plus 1 week" ExpiresByType font/woff "now plus 1 week" ExpiresByType font/woff2 "now plus 1 week" # Audio files expiration: 1 month after request ExpiresByType application/ogg "now plus 1 month" ExpiresByType audio/3gpp "now plus 1 month" ExpiresByType audio/3gpp2 "now plus 1 month" ExpiresByType audio/aac "now plus 1 month" ExpiresByType audio/basic "now plus 1 month" ExpiresByType audio/mid "now plus 1 month" ExpiresByType audio/midi "now plus 1 month" ExpiresByType audio/mp3 "now plus 1 month" ExpiresByType audio/mpeg "now plus 1 month" ExpiresByType audio/ogg "now plus 1 month" ExpiresByType audio/opus "now plus 1 month" ExpiresByType audio/x-aiff "now plus 1 month" ExpiresByType audio/x-mpegurl "now plus 1 month" ExpiresByType audio/x-pn-realaudio "now plus 1 month" ExpiresByType audio/x-wav "now plus 1 month" ExpiresByType audio/wav "now plus 1 month" # Movie files expiration: 1 month after request ExpiresByType application/x-shockwave-flash "now plus 1 month" ExpiresByType video/3gpp "now plus 1 month" ExpiresByType video/3gpp2 "now plus 1 month" ExpiresByType video/mp4 "now plus 1 month" ExpiresByType video/mpeg "now plus 1 month" ExpiresByType video/ogg "now plus 1 month" ExpiresByType video/quicktime "now plus 1 month" ExpiresByType video/webm "now plus 1 month" ExpiresByType video/x-la-asf "now plus 1 month" ExpiresByType video/x-ms-asf "now plus 1 month" ExpiresByType video/x-msvideo "now plus 1 month" ExpiresByType x-world/x-vrml "now plus 1 month" </IfModule> # Disable caching of administrator/index.php <Files "administrator/index.php"> <IfModule mod_expires.c> ExpiresActive Off </IfModule> <IfModule mod_headers.c> Header unset ETag Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate" Header set Pragma "no-cache" Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT" </IfModule> </Files> ##### Optimal default expiration time - END ##### Common hacking tools and bandwidth hoggers block -- BEGIN SetEnvIf user-agent "(?i:WebBandit)" stayout=1 SetEnvIf user-agent "(?i:webbandit)" stayout=1 SetEnvIf user-agent "(?i:Acunetix)" stayout=1 SetEnvIf user-agent "(?i:binlar)" stayout=1 SetEnvIf user-agent "(?i:BlackWidow)" stayout=1 SetEnvIf user-agent "(?i:Bolt 0)" stayout=1 SetEnvIf user-agent "(?i:Bot mailto:craftbot@yahoo.com)" stayout=1 SetEnvIf user-agent "(?i:BOT for JCE)" stayout=1 SetEnvIf user-agent "(?i:casper)" stayout=1 SetEnvIf user-agent "(?i:checkprivacy)" stayout=1 SetEnvIf user-agent "(?i:ChinaClaw)" stayout=1 SetEnvIf user-agent "(?i:clshttp)" stayout=1 SetEnvIf user-agent "(?i:cmsworldmap)" stayout=1 SetEnvIf user-agent "(?i:comodo)" stayout=1 SetEnvIf user-agent "(?i:Custo)" stayout=1 SetEnvIf user-agent "(?i:Default Browser 0)" stayout=1 SetEnvIf user-agent "(?i:diavol)" stayout=1 SetEnvIf user-agent "(?i:DIIbot)" stayout=1 SetEnvIf user-agent "(?i:DISCo)" stayout=1 SetEnvIf user-agent "(?i:dotbot)" stayout=1 SetEnvIf user-agent "(?i:Download Demon)" stayout=1 SetEnvIf user-agent "(?i:eCatch)" stayout=1 SetEnvIf user-agent "(?i:EirGrabber)" stayout=1 SetEnvIf user-agent "(?i:EmailCollector)" stayout=1 SetEnvIf user-agent "(?i:EmailSiphon)" stayout=1 SetEnvIf user-agent "(?i:EmailWolf)" stayout=1 SetEnvIf user-agent "(?i:Express WebPictures)" stayout=1 SetEnvIf user-agent "(?i:extract)" stayout=1 SetEnvIf user-agent "(?i:ExtractorPro)" stayout=1 SetEnvIf user-agent "(?i:EyeNetIE)" stayout=1 SetEnvIf user-agent "(?i:feedfinder)" stayout=1 SetEnvIf user-agent "(?i:FHscan)" stayout=1 SetEnvIf user-agent "(?i:FlashGet)" stayout=1 SetEnvIf user-agent "(?i:flicky)" stayout=1 SetEnvIf user-agent "(?i:GetRight)" stayout=1 SetEnvIf user-agent "(?i:GetWeb!)" stayout=1 SetEnvIf user-agent "(?i:Go-Ahead-Got-It)" stayout=1 SetEnvIf user-agent "(?i:Go!Zilla)" stayout=1 SetEnvIf user-agent "(?i:grab)" stayout=1 SetEnvIf user-agent "(?i:GrabNet)" stayout=1 SetEnvIf user-agent "(?i:Grafula)" stayout=1 SetEnvIf user-agent "(?i:harvest)" stayout=1 SetEnvIf user-agent "(?i:HMView)" stayout=1 SetEnvIf user-agent "(?i:ia_archiver)" stayout=1 SetEnvIf user-agent "(?i:Image Stripper)" stayout=1 SetEnvIf user-agent "(?i:Image Sucker)" stayout=1 SetEnvIf user-agent "(?i:InterGET)" stayout=1 SetEnvIf user-agent "(?i:Internet Ninja)" stayout=1 SetEnvIf user-agent "(?i:InternetSeer.com)" stayout=1 SetEnvIf user-agent "(?i:jakarta)" stayout=1 SetEnvIf user-agent "(?i:Java)" stayout=1 SetEnvIf user-agent "(?i:JetCar)" stayout=1 SetEnvIf user-agent "(?i:JOC Web Spider)" stayout=1 SetEnvIf user-agent "(?i:kmccrew)" stayout=1 SetEnvIf user-agent "(?i:larbin)" stayout=1 SetEnvIf user-agent "(?i:LeechFTP)" stayout=1 SetEnvIf user-agent "(?i:libwww)" stayout=1 SetEnvIf user-agent "(?i:Mass Downloader)" stayout=1 SetEnvIf user-agent "(?i:Maxthon$)" stayout=1 SetEnvIf user-agent "(?i:microsoft.url)" stayout=1 SetEnvIf user-agent "(?i:MIDown tool)" stayout=1 SetEnvIf user-agent "(?i:miner)" stayout=1 SetEnvIf user-agent "(?i:Mister PiX)" stayout=1 SetEnvIf user-agent "(?i:NEWT)" stayout=1 SetEnvIf user-agent "(?i:MSFrontPage)" stayout=1 SetEnvIf user-agent "(?i:Navroad)" stayout=1 SetEnvIf user-agent "(?i:NearSite)" stayout=1 SetEnvIf user-agent "(?i:Net Vampire)" stayout=1 SetEnvIf user-agent "(?i:NetAnts)" stayout=1 SetEnvIf user-agent "(?i:NetSpider)" stayout=1 SetEnvIf user-agent "(?i:NetZIP)" stayout=1 SetEnvIf user-agent "(?i:nutch)" stayout=1 SetEnvIf user-agent "(?i:Octopus)" stayout=1 SetEnvIf user-agent "(?i:Offline Explorer)" stayout=1 SetEnvIf user-agent "(?i:Offline Navigator)" stayout=1 SetEnvIf user-agent "(?i:PageGrabber)" stayout=1 SetEnvIf user-agent "(?i:Papa Foto)" stayout=1 SetEnvIf user-agent "(?i:pavuk)" stayout=1 SetEnvIf user-agent "(?i:pcBrowser)" stayout=1 SetEnvIf user-agent "(?i:PeoplePal)" stayout=1 SetEnvIf user-agent "(?i:planetwork)" stayout=1 SetEnvIf user-agent "(?i:psbot)" stayout=1 SetEnvIf user-agent "(?i:purebot)" stayout=1 SetEnvIf user-agent "(?i:pycurl)" stayout=1 SetEnvIf user-agent "(?i:RealDownload)" stayout=1 SetEnvIf user-agent "(?i:ReGet)" stayout=1 SetEnvIf user-agent "(?i:Rippers 0)" stayout=1 SetEnvIf user-agent "(?i:SeaMonkey$)" stayout=1 SetEnvIf user-agent "(?i:sitecheck.internetseer.com)" stayout=1 SetEnvIf user-agent "(?i:SiteSnagger)" stayout=1 SetEnvIf user-agent "(?i:skygrid)" stayout=1 SetEnvIf user-agent "(?i:SmartDownload)" stayout=1 SetEnvIf user-agent "(?i:sucker)" stayout=1 SetEnvIf user-agent "(?i:SuperBot)" stayout=1 SetEnvIf user-agent "(?i:SuperHTTP)" stayout=1 SetEnvIf user-agent "(?i:Surfbot)" stayout=1 SetEnvIf user-agent "(?i:tAkeOut)" stayout=1 SetEnvIf user-agent "(?i:Teleport Pro)" stayout=1 SetEnvIf user-agent "(?i:Toata dragostea mea pentru diavola)" stayout=1 SetEnvIf user-agent "(?i:turnit)" stayout=1 SetEnvIf user-agent "(?i:vikspider)" stayout=1 SetEnvIf user-agent "(?i:VoidEYE)" stayout=1 SetEnvIf user-agent "(?i:Web Image Collector)" stayout=1 SetEnvIf user-agent "(?i:Web Sucker)" stayout=1 SetEnvIf user-agent "(?i:WebAuto)" stayout=1 SetEnvIf user-agent "(?i:WebCopier)" stayout=1 SetEnvIf user-agent "(?i:WebFetch)" stayout=1 SetEnvIf user-agent "(?i:WebGo IS)" stayout=1 SetEnvIf user-agent "(?i:WebLeacher)" stayout=1 SetEnvIf user-agent "(?i:WebReaper)" stayout=1 SetEnvIf user-agent "(?i:WebSauger)" stayout=1 SetEnvIf user-agent "(?i:Website eXtractor)" stayout=1 SetEnvIf user-agent "(?i:Website Quester)" stayout=1 SetEnvIf user-agent "(?i:WebStripper)" stayout=1 SetEnvIf user-agent "(?i:WebWhacker)" stayout=1 SetEnvIf user-agent "(?i:WebZIP)" stayout=1 SetEnvIf user-agent "(?i:Wget)" stayout=1 SetEnvIf user-agent "(?i:Widow)" stayout=1 SetEnvIf user-agent "(?i:WWW-Mechanize)" stayout=1 SetEnvIf user-agent "(?i:WWWOFFLE)" stayout=1 SetEnvIf user-agent "(?i:Xaldon WebSpider)" stayout=1 SetEnvIf user-agent "(?i:Zeus)" stayout=1 SetEnvIf user-agent "(?i:zmeu)" stayout=1 SetEnvIf user-agent "(?i:CazoodleBot)" stayout=1 SetEnvIf user-agent "(?i:discobot)" stayout=1 SetEnvIf user-agent "(?i:ecxi)" stayout=1 SetEnvIf user-agent "(?i:GT::WWW)" stayout=1 SetEnvIf user-agent "(?i:heritrix)" stayout=1 SetEnvIf user-agent "(?i:HTTP::Lite)" stayout=1 SetEnvIf user-agent "(?i:HTTrack)" stayout=1 SetEnvIf user-agent "(?i:ia_archiver)" stayout=1 SetEnvIf user-agent "(?i:id-search)" stayout=1 SetEnvIf user-agent "(?i:id-search.org)" stayout=1 SetEnvIf user-agent "(?i:IDBot)" stayout=1 SetEnvIf user-agent "(?i:Indy Library)" stayout=1 SetEnvIf user-agent "(?i:IRLbot)" stayout=1 SetEnvIf user-agent "(?i:ISC Systems iRc Search 2.1)" stayout=1 SetEnvIf user-agent "(?i:LinksManager.com_bot)" stayout=1 SetEnvIf user-agent "(?i:linkwalker)" stayout=1 SetEnvIf user-agent "(?i:lwp-trivial)" stayout=1 SetEnvIf user-agent "(?i:MFC_Tear_Sample)" stayout=1 SetEnvIf user-agent "(?i:Microsoft URL Control)" stayout=1 SetEnvIf user-agent "(?i:Missigua Locator)" stayout=1 SetEnvIf user-agent "(?i:panscient.com)" stayout=1 SetEnvIf user-agent "(?i:PECL::HTTP)" stayout=1 SetEnvIf user-agent "(?i:PHPCrawl)" stayout=1 SetEnvIf user-agent "(?i:PleaseCrawl)" stayout=1 SetEnvIf user-agent "(?i:SBIder)" stayout=1 SetEnvIf user-agent "(?i:Snoopy)" stayout=1 SetEnvIf user-agent "(?i:Steeler)" stayout=1 SetEnvIf user-agent "(?i:URI::Fetch)" stayout=1 SetEnvIf user-agent "(?i:urllib)" stayout=1 SetEnvIf user-agent "(?i:Web Sucker)" stayout=1 SetEnvIf user-agent "(?i:webalta)" stayout=1 SetEnvIf user-agent "(?i:WebCollage)" stayout=1 SetEnvIf user-agent "(?i:Wells Search II)" stayout=1 SetEnvIf user-agent "(?i:WEP Search)" stayout=1 SetEnvIf user-agent "(?i:zermelo)" stayout=1 SetEnvIf user-agent "(?i:ZyBorg)" stayout=1 SetEnvIf user-agent "(?i:Indy Library)" stayout=1 SetEnvIf user-agent "(?i:libwww-perl)" stayout=1 SetEnvIf user-agent "(?i:Go!Zilla)" stayout=1 SetEnvIf user-agent "(?i:TurnitinBot)" stayout=1 SetEnvIf user-agent "(?i:sqlmap)" stayout=1 <IfModule !mod_authz_core.c> deny from env=stayout </IfModule> <IfModule mod_authz_core.c> <RequireAll> Require all granted Require not env stayout </RequireAll> </IfModule> ##### Common hacking tools and bandwidth hoggers block -- END ##### Automatic compression of resources -- BEGIN # Automatically serve .css.gz, .css.br, .js.gz or .js.br instead of the original file # These are versions of the files pre-compressed with GZip or Brotli, respectively <IfModule mod_headers.c> # Serve Brotli compressed CSS files if they exist and the client accepts Brotli. RewriteCond "%{HTTP:Accept-encoding}" "br" RewriteCond "%{REQUEST_FILENAME}\.br" -s RewriteRule "^(.*)\.css" "$1\.css\.br" [QSA] # Serve Brotli compressed JS files if they exist and the client accepts Brotli. RewriteCond "%{HTTP:Accept-encoding}" "br" RewriteCond "%{REQUEST_FILENAME}\.br" -s RewriteRule "^(.*)\.js" "$1\.js\.br" [QSA] # Serve correct content types, and prevent double compression. RewriteRule "\.css\.br$" "-" [E=no-gzip:1] RewriteRule "\.css\.br$" "-" [T=text/css,E=no-brotli:1,L] RewriteRule "\.js\.br$" "-" [E=no-gzip:1] RewriteRule "\.js\.br$" "-" [T=text/javascript,E=no-brotli:1,L] <FilesMatch "(\.js\.br|\.css\.br)$"> # Serve correct encoding type. Header append Content-Encoding br # Force proxies to cache gzipped & non-gzipped css/js files separately. Header append Vary Accept-Encoding </FilesMatch> # Serve gzip compressed CSS files if they exist and the client accepts gzip. RewriteCond "%{HTTP:Accept-encoding}" "gzip" RewriteCond "%{REQUEST_FILENAME}\.gz" -s RewriteRule "^(.*)\.css" "$1\.css\.gz" [QSA] # Serve gzip compressed JS files if they exist and the client accepts gzip. RewriteCond "%{HTTP:Accept-encoding}" "gzip" RewriteCond "%{REQUEST_FILENAME}\.gz" -s RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA] # Serve correct content types, and prevent mod_deflate double gzip. # Also set it as the last rule to prevent the Front- or Backend protection from preventing access to the .gz file. RewriteRule "\.css\.gz$" "-" [E=no-brotli:1] RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1,L] RewriteRule "\.js\.gz$" "-" [E=no-brotli:1] RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1,L] <FilesMatch "(\.js\.gz|\.css\.gz)$"> # Serve correct encoding type. Header append Content-Encoding gzip # Force proxies to cache gzipped & non-gzipped css/js files separately. Header append Vary Accept-Encoding </FilesMatch> </IfModule> ## Automatically compress by MIME type using mod_brotli. Takes priority due to better compression ratio. <IfModule mod_brotli.c> AddOutputFilterByType BROTLI_COMPRESS text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript image/svg+xml </IfModule> ## Automatically compress by MIME type using mod_deflate. <IfModule mod_deflate.c> AddOutputFilterByType DEFLATE text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript image/svg+xml </IfModule> ## Fallback to mod_gzip when neither mod_brotli nor mod_deflate is available <IfModule !mod_brotli.c> <IfModule !mod_deflate.c> <IfModule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_keep_workfiles No mod_gzip_can_negotiate Yes mod_gzip_add_header_count Yes mod_gzip_send_vary Yes mod_gzip_min_http 1000 mod_gzip_minimum_file_size 300 mod_gzip_maximum_file_size 512000 mod_gzip_maximum_inmem_size 60000 mod_gzip_handle_methods GET mod_gzip_item_include file \.(html?|txt|css|js|php|pl|xml|rb|py|svg|scgz)$ mod_gzip_item_include mime ^text/javascript$ mod_gzip_item_include mime ^text/plain$ mod_gzip_item_include mime ^text/xml$ mod_gzip_item_include mime ^text/css$ mod_gzip_item_include mime ^application/xml$ mod_gzip_item_include mime ^application/xhtml+xml$ mod_gzip_item_include mime ^application/rss+xml$ mod_gzip_item_include mime ^application/javascript$ mod_gzip_item_include mime ^application/x-javascript$ mod_gzip_item_include mime ^image/svg+xml$ mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* mod_gzip_item_include handler ^cgi-script$ mod_gzip_item_include handler ^server-status$ mod_gzip_item_include handler ^server-info$ mod_gzip_item_include handler ^application/x-httpd-php mod_gzip_item_exclude mime ^image/.* </ifmodule> </IfModule> </IfModule> ##### Automatic compression of resources -- END ## Force GZip compression for mangled Accept-Encoding headers <IfModule mod_setenvif.c> <IfModule mod_headers.c> SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding </IfModule> </IfModule> ##### Redirect www to non-www -- BEGIN RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^(.*)$ https://%1/$1 [R=301,L] ##### Redirect www to non-www -- END ##### Rewrite rules to block out some common exploits -- BEGIN RewriteCond %{QUERY_STRING} proc/self/environ [OR] RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] RewriteCond %{QUERY_STRING} base64_(en|de)code\(.*\) [OR] RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule .* index.php [F] ##### Rewrite rules to block out some common exploits -- END ##### File injection protection -- BEGIN RewriteCond %{REQUEST_METHOD} GET RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http[s]?:// [OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC] RewriteRule .* - [F] ##### File injection protection -- END ##### Advanced server protection rules exceptions -- BEGIN RewriteRule ^administrator\/components\/com_akeeba\/restore\.php$ - [L] RewriteRule ^administrator\/components\/com_akeebabackup\/restore\.php$ - [L] RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$ - [L] RewriteRule ^administrator\/components\/com_joomlaupdate\/extract\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !(\.php)$ RewriteCond %{REQUEST_FILENAME} -f RewriteRule ^\.well\-known/ - [L] ##### Advanced server protection rules exceptions -- END ##### Advanced server protection -- BEGIN ## Disable PHP Easter Eggs RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC] RewriteRule .* - [F] #### Back-end protection RewriteRule ^administrator/?$ - [L] RewriteRule ^administrator/index\.(php|html?)$ - [L] RewriteRule ^administrator/(components|modules|templates|images|plugins)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$ - [L] RewriteRule ^administrator/ - [F] #### Disable client-side risky behavior in backend static content <If "%{REQUEST_URI} =~ m#^/administrator/(components|modules|templates|images|plugins)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$#"> <IfModule mod_headers.c> Header always set Content-Security-Policy "default-src 'self'; script-src 'none';" </IfModule> </If> #### Front-end protection ## Allow limited access for certain directories with client-accessible content RewriteRule ^(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$ - [L] RewriteRule ^(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/ - [F] #### Disable client-side risky behavior in frontend static content <If "%{REQUEST_URI} =~ m#^/(components|modules|templates|images|plugins|media|libraries|media/jui/fonts)/.*\.(jpe|jpg|jpeg|jp2|jpe2|png|gif|bmp|css|js|swf|html|mpg|mp3|mpeg|mp4|avi|wav|ogg|ogv|xls|xlsx|doc|docx|ppt|pptx|zip|rar|pdf|xps|txt|7z|svg|odt|ods|odp|flv|mov|ico|htm|ttf|woff|woff2|eot|webp|xsl|JPG|JPEG|PNG|GIF|CSS|JS|TTF|WOFF|WOFF2|EOT|WEBP)$#"> <IfModule mod_headers.c> Header always set Content-Security-Policy "default-src 'self'; script-src 'none';" </IfModule> </If> ## Disallow front-end access for certain Joomla! system directories (unless access to their files is allowed above) RewriteRule ^includes/js/ - [L] RewriteRule ^(cache|includes|language|logs|log|tmp)/ - [F] RewriteRule ^(configuration\.php|CONTRIBUTING\.md|htaccess\.txt|joomla\.xml|LICENSE\.txt|phpunit\.xml|README\.txt|web\.config\.txt) - [F] ## Explicitly allow access to the site's index.php main entry point file RewriteRule ^index.php(/.*){0,1}$ - [L] ## Explicitly allow access to the site's robots.txt file RewriteRule ^robots.txt$ - [L] ## Disallow access to all other PHP files throughout the site, unless they are explicitly allowed RewriteCond %{REQUEST_FILENAME} (\.php)$ RewriteCond %{REQUEST_FILENAME} -f RewriteRule (.*\.php)$ - [F] ##### Advanced server protection rules exceptions also bypass the “disable client-side risky behavior” features -- BEGIN <If "%{REQUEST_URI} == '/administrator/components/com_akeeba/restore.php'"> <IfModule mod_headers.c> Header always unset Content-Security-Policy </IfModule> </If> <If "%{REQUEST_URI} == '/administrator/components/com_akeebabackup/restore.php'"> <IfModule mod_headers.c> Header always unset Content-Security-Policy </IfModule> </If> <If "%{REQUEST_URI} == '/administrator/components/com_joomlaupdate/restore.php'"> <IfModule mod_headers.c> Header always unset Content-Security-Policy </IfModule> </If> <If "%{REQUEST_URI} == '/administrator/components/com_joomlaupdate/extract.php'"> <IfModule mod_headers.c> Header always unset Content-Security-Policy </IfModule> </If> <If "%{REQUEST_URI} =~ m#^\.well\-known/#"> <IfModule mod_headers.c> Header always unset Content-Security-Policy </IfModule> </If> ##### Advanced server protection rules exceptions also bypass the “disable client-side risky behavior” features -- END ## Disallow access to htaccess.txt, php.ini, .user.ini and configuration.php-dist RewriteRule ^(htaccess\.txt|configuration\.php-dist|php\.ini|\.user\.ini)$ - [F] # Disallow access to all other front-end folders RewriteCond %{REQUEST_FILENAME} -d RewriteCond %{REQUEST_URI} !^/ RewriteRule .* - [F] # Disallow access to all other front-end files RewriteCond %{REQUEST_FILENAME} -f RewriteRule !^index.php$ - [F] ## Remove Apache and PHP version signature <IfModule mod_headers.c> Header always unset X-Powered-By Header always unset X-Content-Powered-By </IfModule> ServerSignature Off ##### Advanced server protection -- END ## HSTS Header - See http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS </IfModule> ## Referrer-policy <IfModule mod_headers.c> Header always set Referrer-Policy "unsafe-url" </IfModule> ##### Joomla! core SEF Section -- BEGIN # PHP FastCGI fix for HTTP Authorization RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] ##### Joomla! core SEF Section -- BEGIN RewriteCond %{REQUEST_URI} !^/index\.php RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule .* index.php [L] ##### Joomla! core SEF Section -- END
/var/www/qai-e-syn/public_html/.htaccess